I moved my blog to edge-security.blogspot.com, please update your RSS readers. Edge-security members posting together in one place. :)
Thursday 23 June 2011
Monday 25 April 2011
Burpstrike
I read this blog post about running w3af plugins in Burpsuite:
http://blog.ombrepixel.com/post/2010/09/09/Running-w3af-plugins-in-Burp-Suite
I thought it was such a great idea that I decided to do the same with my friend's Carlos del Ojo, aka deepbit, proxystrike tool. You can find more details about this tool at http://www.edge-security.com/proxystrike.php.
I'm new to jython and i've found some problems regarding imports, enabling readline, enabling setuptools and some "maximum recursion depth exceeded" errors, so this code should be expected as been buggy and not very reliable because it is only a proof-of-concept and it lacks a lot of features but it is useful enough to play with.
You can run burpstrike from linux using the shell script burpstrike.sh. This script will launch the burpstrike console and burp suite itself.
I've tested the tool with acunetix's vulnerable demo web http://testasp.vulnweb.com and burpsuite_v1.3.03.jar:
First of all, you have to add the testing site to burp scope and then enable burpstrike and all its plugins with:
enable
activate_plugins
Every vulnerability will be reflected in the alert tab of burp and also using the command "issues" from burpstrike's command line:
<pre>
(Cmd) enable
(Cmd) activate_plugins
Cross site scripting
URL:http://testasp.vulnweb.com:80/Search.asp?tfSearch=test
Origin: Gazpacho
Detail: [(True, 'GET', u'tfSearch', ["' (Single Quotes) (Normal Encoding)", '" (Double Quotes) (Normal Encoding)', '<, > (Less than and great than symbols) (Normal Encoding)', '( ) (Parenthesis) (Normal Encoding)', 'Scripting keywords enabled (Normal Encoding)'], u'test')]
</pre>
You can download the tool from http://code.google.com/p/pysqlin/downloads/list.
Enjoy!
http://blog.ombrepixel.com/post/2010/09/09/Running-w3af-plugins-in-Burp-Suite
I thought it was such a great idea that I decided to do the same with my friend's Carlos del Ojo, aka deepbit, proxystrike tool. You can find more details about this tool at http://www.edge-security.com/proxystrike.php.
I'm new to jython and i've found some problems regarding imports, enabling readline, enabling setuptools and some "maximum recursion depth exceeded" errors, so this code should be expected as been buggy and not very reliable because it is only a proof-of-concept and it lacks a lot of features but it is useful enough to play with.
You can run burpstrike from linux using the shell script burpstrike.sh. This script will launch the burpstrike console and burp suite itself.
I've tested the tool with acunetix's vulnerable demo web http://testasp.vulnweb.com and burpsuite_v1.3.03.jar:
First of all, you have to add the testing site to burp scope and then enable burpstrike and all its plugins with:
enable
activate_plugins
Every vulnerability will be reflected in the alert tab of burp and also using the command "issues" from burpstrike's command line:
<pre>
(Cmd) enable
(Cmd) activate_plugins
(Cmd) issues
Cross site scripting
URL:http://testasp.vulnweb.com:80/Search.asp?tfSearch=test
Origin: Gazpacho
Detail: [(True, 'GET', u'tfSearch', ["' (Single Quotes) (Normal Encoding)", '" (Double Quotes) (Normal Encoding)', '<, > (Less than and great than symbols) (Normal Encoding)', '( ) (Parenthesis) (Normal Encoding)', 'Scripting keywords enabled (Normal Encoding)'], u'test')]
</pre>
You can download the tool from http://code.google.com/p/pysqlin/downloads/list.
Enjoy!
Tuesday 19 April 2011
certlookup
Last week I was performing a network assessment; when I was trying to identify the DNS names behind a few IPs I wrote this little script to retrieve domain names thorugh the CommonName of a SSL certificate:
May be it is useful for someone else! You can download it from: http://code.google.com/p/pysqlin/downloads/list
Usage: certlookup.py [--help] [--verbose] -h <ip> [-i=$in] [-p <port>] [--mtree=$out] Examples:
$ python certlookup.py -h 69.58.181.89 www.verisign.com (69.58.181.89) $ echo -e "69.58.181.89\t443" > /tmp/a $ python certlookup.py -i /tmp/a www.verisign.com (69.58.181.89) MagicTree integration: certlookup.py -i=$i --mtree=$out The input file must be a list of: ip<TAB>port
May be it is useful for someone else! You can download it from: http://code.google.com/p/pysqlin/downloads/list
It should be noted that this functionality can be found in complete framework discovery tools like hostmap or Yeti.
Saturday 16 April 2011
First post!
Wellcome to pysqlin blog.
"No dejes para maƱana lo que puedas hacer hoy" - Spanish proverb
I've thinking about writing a blog with my own ideas, code snippets or projects related to IT security and other stuff since ages.
As a colleague of mine says - A step behind :)
Let's try to change that...
"No dejes para maƱana lo que puedas hacer hoy" - Spanish proverb
I've thinking about writing a blog with my own ideas, code snippets or projects related to IT security and other stuff since ages.
As a colleague of mine says - A step behind :)
Let's try to change that...
Subscribe to:
Posts (Atom)